cvedb.io
CVE-2026-41856
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-06-11T07:16:28.513 · Last modified 2026-06-30T22:16:56.480

Summary

The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.

Affected products

vmware — spring_for_graphql

Does this affect you?

Add your gear to cvedb and we'll alert you only when vmware ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.